Gathering detailed insights and metrics for hermes-engine-cli
Gathering detailed insights and metrics for hermes-engine-cli
Installations
npm install hermes-engine-cliReleases
23
Developer
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
16.15.0
NPM Version
8.10.0
Statistics
9,946 Stars
5,437 Commits
643 Forks
144 Watching
33 Branches
255 Contributors
Updated on 28 Nov 2024
Languages
C++ (51.78%)
JavaScript (36.88%)
Rust (5.69%)
Python (1.61%)
Java (1.53%)
TypeScript (0.88%)
CMake (0.54%)
Objective-C++ (0.54%)
C (0.2%)
Shell (0.18%)
Swift (0.11%)
NASL (0.02%)
Ruby (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
213,660
Last day
-48.2%
87
Compared to previous day
Last week
-14.4%
1,211
Compared to previous week
Last month
-13.9%
6,892
Compared to previous month
Last year
-77.4%
34,861
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
Hermes JS Engine
Hermes is a JavaScript engine optimized for fast start-up of React Native apps. It features ahead-of-time static optimization and compact bytecode.
If you're only interested in using pre-built Hermes in a new or existing React Native app, you do not need to follow this guide or have direct access to the Hermes source. Instead, just follow these instructions to enable Hermes.
Noted that each Hermes release is aimed at a specific RN version. The rule of thumb is to always follow Hermes releases strictly. Version mismatch can result in instant crash of your apps in the worst case scenario.
If you want to know how to build and hack on Hermes directly, and/or integrate Hermes built from source into a React Native app then read on.
The instructions here very briefly cover steps to build the Hermes CLI. They assume you have typical native development tools setup for your OS, and support for cmake and Ninja. For more details of required dependencies, building Hermes with different options, etc. follow these links instead:
To build a local debug version of the Hermes CLI tools the following steps should get you started on macOS/Linux:
1mkdir hermes_workingdir 2cd hermes_workingdir 3git clone https://github.com/facebook/hermes.git 4cmake -S hermes -B build -G Ninja 5cmake --build ./build
Or if you're using Windows, the following should get you going in a Git Bash shell:
1mkdir hermes_workingdir 2cd hermes_workingdir 3git -c core.autocrlf=false clone https://github.com/facebook/hermes.git 4cmake -S hermes -B build -G 'Visual Studio 16 2019' -A x64 5cmake --build ./build
You will now be in a directory with the output of building Hermes into CLI tools. From here you can run a piece of JavaScript as follows:
1echo "'use strict'; function hello() { print('Hello World'); } hello();" | ./bin/hermes
Contributing
The main purpose of this repository is to continue to evolve Hermes, making it faster and more efficient. We are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving Hermes.
Code of Conduct
Facebook has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Contributing Guide
Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to Hermes.
License
Hermes is MIT licensed.
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
- Info: CppLibFuzzer integration found: tools/fuzzers/libfuzzer/fuzzer-jsi-entry.cpp:22
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/facebook/.github/SECURITY.md:1
- Info: Found linked content: github.com/facebook/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/facebook/.github/SECURITY.md:1
Reason
binaries present in source code
Details
- Warn: binary detected: android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: external/flowparser/libflowparser-linux.a:1
- Warn: binary detected: external/flowparser/libflowparser-mac.a:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-tag.yml:1
- Info: no jobLevel write permissions found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v0.13.0 not signed: https://api.github.com/repos/facebook/hermes/releases/170652038
- Warn: release artifact v0.12.0 not signed: https://api.github.com/repos/facebook/hermes/releases/75283140
- Warn: release artifact v0.11.0 not signed: https://api.github.com/repos/facebook/hermes/releases/58136559
- Warn: release artifact v0.10.0 not signed: https://api.github.com/repos/facebook/hermes/releases/53314382
- Warn: release artifact v0.9.0 not signed: https://api.github.com/repos/facebook/hermes/releases/48853334
- Warn: release artifact v0.13.0 does not have provenance: https://api.github.com/repos/facebook/hermes/releases/170652038
- Warn: release artifact v0.12.0 does not have provenance: https://api.github.com/repos/facebook/hermes/releases/75283140
- Warn: release artifact v0.11.0 does not have provenance: https://api.github.com/repos/facebook/hermes/releases/58136559
- Warn: release artifact v0.10.0 does not have provenance: https://api.github.com/repos/facebook/hermes/releases/53314382
- Warn: release artifact v0.9.0 does not have provenance: https://api.github.com/repos/facebook/hermes/releases/48853334
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:356: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:389: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:493: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:571: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:574: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:550: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:593: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:503: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:518: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:520: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:534: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-tag.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/hermes/create-tag.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: test/circleci-e2e/run.sh:31
- Warn: npmCommand not pinned by hash: test/circleci-e2e/run.sh:33
- Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
23 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: CVE-2021-24045
- Warn: Project is vulnerable to: CVE-2022-32234
- Warn: Project is vulnerable to: CVE-2022-35289
- Warn: Project is vulnerable to: CVE-2022-40138
- Warn: Project is vulnerable to: CVE-2023-23556
- Warn: Project is vulnerable to: CVE-2023-23557
- Warn: Project is vulnerable to: CVE-2023-24832
- Warn: Project is vulnerable to: CVE-2023-24833
- Warn: Project is vulnerable to: CVE-2023-25933
- Warn: Project is vulnerable to: CVE-2023-28081
- Warn: Project is vulnerable to: CVE-2023-30470
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: CVE-2024-24806
- Warn: Project is vulnerable to: RUSTSEC-2024-0320
- Warn: Project is vulnerable to: RUSTSEC-2020-0095
- Warn: Project is vulnerable to: RUSTSEC-2023-0045 / GHSA-wfg4-322g-9vqv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Score
5.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More